Vulnerabilities > Improper Input Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-29 | CVE-2016-0754 | Improper Input Validation vulnerability in Haxx Curl cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name. | 5.3 |
| 2016-01-27 | CVE-2016-1983 | Improper Input Validation vulnerability in Privoxy The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. | 7.5 |
| 2016-01-27 | CVE-2016-1982 | Improper Input Validation vulnerability in Privoxy The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. | 7.5 |
| 2016-01-25 | CVE-2016-1612 | Improper Input Validation vulnerability in Google Chrome The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code. | 7.6 |
| 2016-01-22 | CVE-2016-1570 | Improper Input Validation vulnerability in XEN The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates. | 8.5 |
| 2016-01-20 | CVE-2016-1929 | Improper Input Validation vulnerability in SAP Hana The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978. | 9.3 |
| 2016-01-20 | CVE-2015-8705 | Improper Input Validation vulnerability in ISC Bind buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. | 7.0 |
| 2016-01-20 | CVE-2015-8704 | Improper Input Validation vulnerability in ISC Bind apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. | 6.5 |
| 2016-01-20 | CVE-2015-4951 | Improper Input Validation vulnerability in IBM Tivoli Storage Manager Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL. | 5.3 |
| 2016-01-16 | CVE-2015-6864 | Improper Input Validation vulnerability in HP Arcsight Logger HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | 6.3 |